
Unable to connect to MongoDB with a certification

Open shalomm-gloat opened this issue 1 year ago • 5 comments

Issue Summary

Greetings,

We are currently experiencing an issue while trying to establish a connection to MongoDB via the Percona mongodb_exporter using the provided URI:

mongodb://admin:**********@mongodb-svc.mongodb:27017/?tls=true&tlsAllowInvalidHostnames=true&tlsCAFile=/certs/mongo.crt

Issue Details

The aforementioned attempt returns the following error:

level=error msg="Cannot connect to MongoDB: cannot connect to MongoDB: server selection error: server selection timeout, current topology: { Type: Single, Servers: [{ Addr: mongodb-svc.mongodb.svc.cluster.local:27017, Type: Unknown, Last error: connection() error occurred during connection handshake: x509: certificate is not valid for any names, but wanted to match mongodb-svc.mongodb.svc.cluster.local }, ] }"

Notably, all aspects seem to be operating correctly, and the SAN and CNAME indicate the correct name of *.mongodb-svc.mongodb.svc.cluster.local.

Upon utilizing mongosh within the server (through container initialization), we were successful in establishing a connection using the same URI, which leaves us uncertain of further areas to investigate.

Reproduction Steps

The behaviour can be replicated by the following steps:

  1. Pass the following URI: mongodb://admin:**********@mongodb-svc.mongodb:27017/?tls=true&tlsAllowInvalidHostnames=true&tlsCAFile=/certs/mongo.crt
  2. Upload the .crt to the appropriate path.
  3. Despite these steps, the aforementioned error persists.

Expected Outcome

The expected outcome is a successful connection to MongoDB.

Log Data

The log data is as follows:

time="2023-07-09T08:41:22Z" level=error msg="Cannot connect to MongoDB: cannot connect to MongoDB: server selection error: server selection timeout, current topology: { Type: Single, Servers: [{ Addr: mongodb-svc.mongodb.svc.cluster.local:27017, Type: Unknown, Last error: connection() error occurred during connection handshake: x509: certificate is not valid for any names, but wanted to match mongodb-svc.mongodb.svc.cluster.local }, ] }"

Environment Data

The environment specifics are as follows:

  • Environment: Kubernetes
  • MongoDB Version: 4.4.6
  • Percona Version: Latest

We appreciate any guidance or suggestions regarding this issue.

shalomm-gloat, Jul 09 '23 11:07

I'm using documentdb 4.0 and this works for me (version 0.39)

?ssl=true&tlsCAFile=XXX.pem

smeeklai, Jul 11 '23 08:07

I face the same problem. Docker, 0.39. Not really sure how to explain this:

DEBU[0000] Connection URI: mongodb://user:pass@mongo:27017/?tls=true&tlsCertificateKeyFile=/keys/mongo-client.pem&tlsCAFile=/keys/CA.pem&tlsAllowInvalidCertificates=true
level=info ts=2023-07-27T23:32:08.467Z caller=tls_config.go:195 msg="TLS is disabled." http2=false

maiaz, Jul 27 '23 23:07

I'm seeing the same symptom right now. Any idea what else we should look at to debug further?

kevincantu, Aug 23 '23 02:08

Is this project still alive? I am facing issues with TLS as well and see many unassigned TLS-related issues in this repo (some of them are 1+ y.o.)...

igor-pinchuk, Sep 28 '23 10:09

I have fixed this issue by creating a --web-config file, but I am receiving a socket issue as below. Any help would be appreciated.

Percona prometheus version used: 0.40.0
MongoDB version: 6.0.6 Community Edition

LOG:
#########################
level=info ts=2024-01-22T12:14:54.307Z caller=tls_config.go:274 msg="Listening on" address=[::]:9216
level=info ts=2024-01-22T12:14:54.308Z caller=tls_config.go:310 msg="TLS is enabled." http2=false address=[::]:9216

time="2024-01-22T12:14:59Z" level=error msg="Cannot connect to MongoDB: cannot connect to MongoDB: server selection error: server selection timeout, current topology: { Type: Unknown, Servers: [{ Addr: xxx.svc.cluster.local:27017, Type: Unknown, Last error: connection(xxxx..svc.cluster.local:27017[-30]) socket was unexpectedly closed: EOF }, ] }"
##############################

Configurations:

extraArgs:

  • --compatible-mode
  • --collector.dbstats
  • --collector.collstats-limit=0
  • --collector.topmetrics
  • --web.config=/tmp/webconfig.yaml
  • --mongodb.uri=mongodb://user:pass@/admin?tls=true&tlsCertificateKeyFile=/tmp/tls-combined.pem&tlsCAFile=/tmp/ca.crt
  • --log.level=debug
  • --mongodb.direct-connect=false

web-config:

tls_server_config:
  cert_file: "/tmp/tls-combined.pem"
  key_file: "/tmp/tls.key"
  client_auth_type: "RequireAndVerifyClientCert"
  client_ca_file: "/tmp/ca.crt"
http_server_config:
  http2: false

harishkumarrajasekaran, Jan 22 '24 12:01